Barnes & Noble customer data at risk after PIN pad tampering

63 stores attacked

Shoppers at Barnes & Noble stores in nine states may have had sensitive credit and debit card information stolen, the company announced Tuesday.

According to a press release, evidence of PIN pad tampering was discovered at 63 U.S. stores. The figure represents less than 1 percent of PIN pads found in Barnes & Noble's nearly 700 locations.

The breach is the result of a "sophisticated criminal effort to steal credit card information, debit card information and debit card PIN numbers from customers who swiped their cards through PIN pads."

"This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads," the company said.

Bugs at B & N

According to the release, the perpetrators planted bugs in the tampered PIN pad devices that allowed for the capture of credit card and PIN numbers.

Barnes & Noble disconnected all PIN pads from stores nationwide by the close of business on Sept. 14, the company said.

No criminals were named in the press release, nor was mention made of how they were able to carry out their rouse.

The tampered devices were discovered in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.

Taking action

Only one "compromised" PIN pad in each of the affected stores was hit. However, Barnes & Noble decided to discontinue use of all PIN pads after the breach was discovered.

The bookseller said it completed an investigation involving the inspection and validation of every PIN pad in every store.

Federal authorities are also conducting an investigation, one which Barnes & Noble supports.

The company is also working with banks, payment card brands and issuers to identify accounts that may have been compromised.

Customer databases are secure, the company assured, and purchases made on Barnes & Noble.com, Nook and Nook mobile apps were not affected. The member database was also left untouched and none of the affected PIN pads were found at Barnes & Noble College Bookstores.

TechRadar has reached out to Barnes & Noble for comment and will update this story if and when more information is received.

For a complete list of affected stores, check out the source link below.